KV plugin filter not working

br14nb0 · May 29, 2018, 2:54pm

This is my config filter
grok {
match => { "message" => "<%{INT:number}>%{SYSLOGTIMESTAMP:timestamp}%{SPACE}%{NOTSPACE:app}%{SPACE}%{NOTSPACE:logsource}[%{WORD:status}]%{SPACE}%{INT:eventid}%{SPACE}%{GREEDYDATA:mess}.%{SPACE}%{GREEDYDATA:service}:%{SPACE}%{GREEDYDATA:wininfo}"}
}
kv {
source => "wininfo"
value_split => ":"
field_split => "\x7f+"}
}

Character "\x7f" is DEL character, it seperates the pairs. But kv not working at all. Thanks for any helps

rcowart · May 29, 2018, 3:17pm

field_split takes only a single character. You need to use field_split_pattern which takes a regex.

br14nb0 · May 30, 2018, 2:14am

I am using logstash 6.1.0, and this is my ERROR when use split pattern
[ERROR][logstash.filters.kv ] Unknown setting 'field_split_pattern' for kv
I checked the document about KV filter, I don't understand why it is false.

rcowart · May 30, 2018, 8:04am

You can update the plugin by running logstash-plugins update logstash-filter-kv or just update all plugins with logstash-plugins update

br14nb0 · May 30, 2018, 8:43am

Okay thanks. I solved it

system · June 27, 2018, 8:43am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Kv filter's behavior when square brackets in log data Logstash	2	1178	August 18, 2017
Kv filter plugin when there are spaces in key and value Logstash	5	8842	July 6, 2017
Kv filter value is not always correctly extracted using value_split_pattern Logstash	5	689	December 4, 2018
Using Grok with KV filter Logstash	6	8861	March 27, 2019
KV filter and fields separator Logstash	24	2109	June 16, 2021

KV plugin filter not working

Related Topics